Virusinfo uses virustotal to compile their data...which also means they are using an old v7 build...which means that the heuristics they are scanning with aren't the most up to date or complete.

They differ from the heuristics in v2009, which are much more "active" at making detections. Plus there is a new overhaul to the heuristics coming before the new year hopefully that will bring in some new features including a strong web exploit and script heuristic scanner.

Will the new heuristics also be limited only to users of version 2009, or is it an engine wide update such that every program using the KAV engine, including clones and old versions of KAV will also get the benefits?

I think that the script heuristic module and general improvements to the emulator will extend to v7 as well, but I will have to check first.

Nope, the Anti-Virus SDK still uses 'old' technology. It's not without reason that GData changed to BitDefender instead of Kaspersky. I won't be surprised to see F-Secure making a move to another engine either (or fully relying on Hydra in the near future).

Well, the architecture update is here and now on public servers. Ladies and gents, please give a warm welcome to kjim (if not here yet then he's coming very soon), the script heuristic module, new naming for heuristic detections and numerous updates to the PE emulator.

Now that it's on public servers, you might know better whether the benefits extend to v7 and older versions too... and the KAV workstation line. If you do, then please do inform me.

That will come anyway through the regular heuristic updates that come with signatures, but this was a bit special because they have included a new module for scripts/exploits which has proved to be very effective in my testing (I actually think this wasn't released yet, but the other improvements were) and made performance tweaks and other detection enhancements to the normal PE (executable) heuristics. Plus, with the new naming arrangement they will be able to stuff in a lot more verdicts... aka they are working hard on the heuristic front and are probably going to be targeting many more malware families, as shown by the latest AV-C test.

they have included a new module for scripts/exploits which has proved to be very effective in my testing (I actually think this wasn't released yet, but the other improvements were)

Agree, I think scripts/exploits are still beta.

The new emulator released yesterday-ish has many detection improvements with trojans etc., so it would improve detection for on-demand tests like AVC (but detections won't be shown on any online scanners, including VirusTotal or Virusinfo, because of the older scanning engine).

The (currently beta) emulator which is working on scripts and exploits is more veered to protect against drive-by attacks rather than increasing on-demand detections (which AVC emphasizes more), so it won't improve AVC's results by much. The majority of the time, its detections will only be seen while surfing the internet, to reduce the number of users getting infected by 0-days.

Wow, finally Kaspersky came to the realization that their drive-by download detection is crappy. But wait, I thought they said they didn't need to detect exploits because all their users are fully protected, because they are happily patching their machines after religiously running the cool new Security Analyzer feature. LOL.

Get with the program. Average users don't patch. You need exploit detection and blocking. Can't wait to test out the ADODB.Stream exploit with their new heuristics.

It's not going to detect 100% of exploits, only some (also not sure what type of exploits). Anyway, with the vulnerability scanner (included in the Full PC scan), users would know if there is a vulnerability and they should upgrade... if they don't, that's simply neglect.

Yes, AVs are there to protect users, but users should also use common sense and initiative to keep themselves protected, and by doing that they would be protected from many exploits. Kaspersky's Vulnerability Scanner is still a step in the right direction to inform the user of this and protect users.

You need exploit detection and blocking. Can't wait to test out the ADODB.Stream exploit with their new heuristics.

Yes, please do... that is one of the exploit types that has been targeted. I think that even the die-hard opposition will say it is a nice improvement.

Get with the program. Average users don't patch.

*insert picture of orly owl here*
I beg to differ... we have seen the number of people who start to patch rise dramatically since the introduction of the vulnerability scanner. If one person patches, that is a victory, because that is one less vulnerability to exploit on their machine. Don't bash it till you've seen it in action.